SC Lab Reviews

Summary

The emerging spyware threat is spawning a horde of anti-spyware products. Some have been around for a while, such as the excellent AdAware and Spybot – Search and Destroy.

But these are primarily suited to consumers, or small-business environments.

Larger, corporate users need much higher levels of capability in their environments.

Not surprisingly, since spyware detection and removal can be handled similarly to anti-virus, the anti-virus firms are rushing on to the scene.

But others, such as Webroot (which has its background in products such as popup blockers and privacy tools for web browsers), are also dressing up to come to the party.

Webroot sent us Spy Sweeper Enterprise 2.1, a trial of which you can download from the firm's website, and we pointed it at a network of machines stuffed to the gunwales with adware and spyware (in other words, ones that had been allowed to browse the web for more than five minutes with a pre-SP2 version of Internet Explorer).

Installation is easy enough, with default parameters for updates (both from Webroot, and for your internal clients), and networking options. Once set up, the services started up smoothly, and a single program icon for the administration console keeps things nice and simple.

A database is required, and the software is able to use either Microsoft SQL Server 2000 or Elevate Software's DBISAM, included with the software.

The management console is structured in the now standard two-panel view, like a Microsoft Management Console plugin, although it is not in fact an MMC agent. Maybe it should be, but we did not mind it on its own.

The product is well designed for large enterprises.

A two-tier update model is provided – you can configure distribution servers, which can then be used to push out software and updates.

Webroot recommends that organizations with more than 500 users consider deploying distribution servers to take the load off the central server.

In the various reporting tools, which can provide both snapshots of current threats and detailed analyses of spyware activity, the software is adept at structuring the information so that even very large environments will be manageable.

Client deployment can be accomplished in several ways.

The easiest way is automatically through the GUI, where a Microsoft network browser gives a view of nodes on the network (although we crashed this part of the GUI on our network).

There are also MSI installers, which can be pushed out to clients and run locally.

The installation is very light-touch, even when using the MSI files – configuration options are sent along in an INI file, and it silently installs and sets itself up without bothering the user at all.

The final result is an orange gunsight icon in the taskbar, which brings up the user frontend when clicked.

Scanning the drive was a little time-consuming, taking around 12 minutes (against about half that for an anti-virus scan on the same system), but it was thorough.

Spy Sweeper did not catch all the spyware on our test systems, but then we did not expect it to – no single anti-spyware product has got that good yet. It was very good all the same, catching all but a few and without any false positives.

Once items have been detected, they can be removed or quarantined much as viruses would be, and the administration console is updated with logs of the threats and the actions taken.

We liked the interface a lot, but most users will never see it – the software is intended to be left silently scanning and updating in the background, calling home when necessary.

A healthy user guide accompanies the product, with not only thorough instructions on operating the software, but also useful notes on likely scenarios, as well as other little extras.

Webroot's Spy Sweeper Enterprise 2.1 is as good as anything else we have seen, and sets some high standards in terms of management and administration.

While the corporate anti-spyware market is still developing, this is a good product to look at.

We can't recommend you use it on its own, though. As with anti-virus (but more so), you still need overlapping protection from two or more products to really be sure.

But Spy Sweeper is a good choice as your first line of defense against spyware.
